News

Securelist
securelist.com > goserpent-backdoor-in-southeast-asia > 120687

GoSerpent backdoor attacks in Southeast Asia

9+ hour, 15+ min ago  (952+ words) In February 2026 we discovered a set of malicious activities that have been ongoing since late 2025. These activities involved a RAT module written in Go with proxy capabilities, serving as the main stage of the attack. The attack targeted government and…...

Securelist
securelist.com > okobot-framework-targets-cryptocurrency-wallets > 120660

OkoBot framework infection chain

1+ day, 11+ hour ago  (789+ words) We dubbed this updated TookPS campaign “OkoBot”. Original OkoBot infection chain New OkoBot infection chain Both infection vectors trigger the execution of the malicious script TookPS, which installs SSH on the victim’s system, establishes a connection to the attacker-controlled SSH…...

Google News
securelist.com > microsoft-device-code-phishing-attack > 120350

When checking the URL isn’t enough: phishing via the Microsoft identity platform

1+ week, 3+ day ago  (796+ words) 2. Displaying the code to the user The device displays both the user_code and the verification_uri to the user, instructing them to complete authentication on another device. For instance, a smart TV will display the code and URL — often rendering the verification_uri as a…...

Google News
securelist.com > tr > armored-likho-apt-with-busysnake-stealer > 120292

Armored Likho’s new weapon: BusySnake Stealer

1+ week, 6+ day ago  (1633+ words) posted 03 Jul 2026 The downloaded archives are extracted into the $appdata\WindowsHelper directory. This serves as the malware’s working directory, where all subsequent components of the attack are staged and executed. The fetched package contains the following components: Once executed, the…...

Securelist
securelist.com > tr > the-soc-files-screenconnect-campaign-with-asyncrat > 120472

How a single ScreenConnect incident exposed a massive campaign

2+ week, 1+ day ago  (1337+ words) posted 01 Jul 2026 During a recent investigation engagement, the Kaspersky Managed Detection and Response (MDR) team discovered the ScreenConnect remote access tool being leveraged to deploy and execute an AsyncRAT payload. We continue to break down complex, multi-stage incidents like this…...

Securelist
securelist.com > toddycat-apt-umbrij-tool-and-oauth > 120251

How the ToddyCat APT group gains access to Gmail accounts

2+ week, 2+ day ago  (1644+ words) The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack…...

Securelist
securelist.com > tr > schneider-electric-cve-2024-2658-vulnerability > 120436

CVE-2024-2658 vulnerability in Schneider Electric software: risks to industrial control systems

2+ week, 6+ day ago  (386+ words) posted 26 Jun 2026 This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system application referencing an OpenSSL configuration file at a hardcoded path without proper access controls. We will examine the role the FlexNet Publisher component…...

Securelist
securelist.com > smb-threat-report-2026 > 120357

Threat landscape for SMBs in 2026: fake AI tools, phishing and more

3+ week, 11+ hour ago  (784+ words) Small and medium-sized businesses (SMBs) remain attractive targets for cybercriminals – in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and necessary resources to…...

Securelist
securelist.com > tr > mini-plasma-vulner > 120099

MiniPlasma: detecting exploitation

1+ mon, 1+ week ago  (437+ words) posted 03 Jun 2026 Over the past two months, the anonymous researcher Nightmare Eclipse (also known as Chaotic Eclipse) has publicly released six Windows vulnerabilities complete with ready-to-use exploits, without prior coordination with Microsoft. The most critical of these is MiniPlasma, a…...

Securelist
securelist.com > container-attack-vectors > 120010

Containers on fire: from container escapes to supply chain attacks

1+ mon, 2+ week ago  (1103+ words) Today, attacks on container environments have evolved into full-fledged, multi-stage scenarios involving supply chain compromises, Kubernetes secrets theft, orchestration API abuse, and container escape attempts. This article examines the primary container attack vectors that retain top relevance today. A container…...